The concept of a computer network has been revolutionized over the last decade. Computer networks have evolved from being independent entities that were limited to small geographic areas or single organizations into today's globally interconnected networks, such as the Internet. Thus, small and individual networks have become subnets of these larger networks. With this increased interconnectivity comes new and fascinating opportunities for these subnets, but also new dangers and security risks.
For example, much of the success of the Internet can be attributed to the TCP/IP protocol suite. It is the protocol suite that constitutes the Internet's foundation. The TCP/IP protocols allow for communication between host computers independent of their internal architectures. Because they are based on open standards, these protocols have become widely accepted even outside the Internet community.
The TCP/IP protocol suite has expanded and changed with the evolution of computer and communication technology in general, but it still has its roots in the 1960s and 1970s. The concept of a global network like the Internet was unthinkable back then. In particular, the overwhelmingly widespread use and volume of traffic seen today was not contemplated. As a result, one of the basic limitations of the Internet is that the TCP/IP protocol suite does not have suitable provisions for handling unwanted traffic on a subnet of the Internet.
For example, in the early days of the Internet, subnets of the Internet were small and mostly limited to research communities. Issues other than security were more important in this environment, and openness was regarded as a very favorable aspect of the TCP/IP protocol suite. This is in great contrast to today's Internet, where subnets now require high levels of security because commerce and financial transactions have become major parts of the network traffic.
The best way to provide security to a subnet in order to protect its electronic resources or property is to completely isolate it from the rest of the world. But this is seldom a desired or realistic option. Most network operators choose instead to protect subnets with devices, such as firewalls, which actively monitor and block the network traffic to and from the subnet. In doing so, these devices receive the network traffic, forward the traffic that is allowed, and drop the traffic that is unwanted. However, because these types of devices are active, in-line participants in both monitoring and blocking the network traffic, they become bottlenecks and are themselves vulnerable to attack.